search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fixes entering bootload messages to be less scary
[RRG-proxmark3.git] / client / src / comms.c
blob21e63402c792c317bda6070ac1c2e54de822c4b2
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // Code for communicating with the proxmark3 hardware.
17 //-----------------------------------------------------------------------------
18
19 #include "comms.h"
20
21 #include <inttypes.h>
22 #include <string.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25
26 #include "uart/uart.h"
27 #include "ui.h"
28 #include "crc16.h"
29 #include "util.h" // g_pendingPrompt
30 #include "util_posix.h" // msclock
31 #include "util_darwin.h" // en/dis-ableNapp();
32 #include "usart_defs.h"
33
34 // #define COMMS_DEBUG
35 // #define COMMS_DEBUG_RAW
36
37 // Serial port that we are communicating with the PM3 on.
38 static serial_port sp = NULL;
39
40 communication_arg_t g_conn;
41 capabilities_t g_pm3_capabilities;
42
43 static pthread_t communication_thread;
44 static pthread_t reconnect_thread;
45
46 static bool reconnect_ok = false;
47
48 static bool comm_thread_dead = false;
49 static bool comm_raw_mode = false;
50 static uint8_t *comm_raw_data = NULL;
51 static size_t comm_raw_len = 0;
52 static size_t comm_raw_pos = 0;
53
54 // Transmit buffer.
55 static PacketCommandOLD txBuffer;
56 static PacketCommandNGRaw txBufferNG;
57 static size_t txBufferNGLen;
58 static bool txBuffer_pending = false;
59 static pthread_mutex_t txBufferMutex = PTHREAD_MUTEX_INITIALIZER;
60 static pthread_cond_t txBufferSig = PTHREAD_COND_INITIALIZER;
61
62 // Used by PacketResponseReceived as a ring buffer for messages that are yet to be
63 // processed by a command handler (WaitForResponse{,Timeout})
64 static PacketResponseNG rxBuffer[CMD_BUFFER_SIZE];
65
66 // Points to the next empty position to write to
67 static int cmd_head = 0;
68
69 // Points to the position of the last unread command
70 static int cmd_tail = 0;
71
72 // to lock rxBuffer operations from different threads
73 static pthread_mutex_t rxBufferMutex = PTHREAD_MUTEX_INITIALIZER;
74
75 // Global start time for WaitForResponseTimeout & dl_it, so we can reset timeout when we get packets
76 // as sending lot of these packets can slow down things wuite a lot on slow links (e.g. hw status or lf read at 9600)
77 static uint64_t timeout_start_time;
78
79 static uint64_t last_packet_time;
80
81 static bool dl_it(uint8_t *dest, uint32_t bytes, PacketResponseNG *response, size_t ms_timeout, bool show_warning, uint32_t rec_cmd);
82
83 // Simple alias to track usages linked to the Bootloader, these commands must not be migrated.
84 // - commands sent to enter bootloader mode as we might have to talk to old firmwares
85 // - commands sent to the bootloader as it only supports OLD frames (which will always be the case for old BL)
86 void SendCommandBL(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void *data, size_t len) {
87 SendCommandOLD(cmd, arg0, arg1, arg2, data, len);
88 }
89
90 void SendCommandOLD(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, const void *data, size_t len) {
91 PacketCommandOLD c = {CMD_UNKNOWN, {0, 0, 0}, {{0}}};
92 c.cmd = cmd;
93 c.arg[0] = arg0;
94 c.arg[1] = arg1;
95 c.arg[2] = arg2;
96 if (len && data)
97 memcpy(&c.d, data, len);
98
99 #ifdef COMMS_DEBUG
100 PrintAndLogEx(NORMAL, "Sending %s", "OLD");
101 #endif
102 #ifdef COMMS_DEBUG_RAW
103 print_hex_break((uint8_t *)&c.cmd, sizeof(c.cmd), 32);
104 print_hex_break((uint8_t *)&c.arg, sizeof(c.arg), 32);
105 print_hex_break((uint8_t *)&c.d, sizeof(c.d), 32);
106 #endif
107
108 if (!g_session.pm3_present) {
109 PrintAndLogEx(WARNING, "Sending bytes to Proxmark3 failed ( " _RED_("offline") " )");
110 return;
111 }
112
113 pthread_mutex_lock(&txBufferMutex);
114 /**
115 This causes hangups at times, when the pm3 unit is unresponsive or disconnected. The main console thread is alive,
116 but comm thread just spins here. Not good.../holiman
117 **/
118 while (txBuffer_pending) {
119 // wait for communication thread to complete sending a previous command
120 pthread_cond_wait(&txBufferSig, &txBufferMutex);
121 }
122
123 txBuffer = c;
124 txBuffer_pending = true;
125
126 // tell communication thread that a new command can be send
127 pthread_cond_signal(&txBufferSig);
128
129 pthread_mutex_unlock(&txBufferMutex);
130
131 //__atomic_test_and_set(&txcmd_pending, __ATOMIC_SEQ_CST);
132 }
133
134 static void SendCommandNG_internal(uint16_t cmd, uint8_t *data, size_t len, bool ng) {
135 #ifdef COMMS_DEBUG
136 PrintAndLogEx(INFO, "Sending %s", ng ? "NG" : "MIX");
137 #endif
138
139 if (!g_session.pm3_present) {
140 PrintAndLogEx(INFO, "Sending bytes to proxmark failed - offline");
141 return;
142 }
143 if (len > PM3_CMD_DATA_SIZE) {
144 PrintAndLogEx(WARNING, "Sending %zu bytes of payload is too much, abort", len);
145 return;
146 }
147
148 PacketCommandNGPostamble *tx_post = (PacketCommandNGPostamble *)((uint8_t *)&txBufferNG + sizeof(PacketCommandNGPreamble) + len);
149
150 pthread_mutex_lock(&txBufferMutex);
151 /**
152 This causes hangups at times, when the pm3 unit is unresponsive or disconnected. The main console thread is alive,
153 but comm thread just spins here. Not good.../holiman
154 **/
155 while (txBuffer_pending) {
156 // wait for communication thread to complete sending a previous command
157 pthread_cond_wait(&txBufferSig, &txBufferMutex);
158 }
159
160 txBufferNG.pre.magic = COMMANDNG_PREAMBLE_MAGIC;
161 txBufferNG.pre.ng = ng;
162 txBufferNG.pre.length = len;
163 txBufferNG.pre.cmd = cmd;
164 if (len > 0 && data) {
165 memcpy(&txBufferNG.data, data, len);
166 }
167
168 if ((g_conn.send_via_fpc_usart && g_conn.send_with_crc_on_fpc) || ((!g_conn.send_via_fpc_usart) && g_conn.send_with_crc_on_usb)) {
169 uint8_t first = 0, second = 0;
170 compute_crc(CRC_14443_A, (uint8_t *)&txBufferNG, sizeof(PacketCommandNGPreamble) + len, &first, &second);
171 tx_post->crc = (first << 8) + second;
172 } else {
173 tx_post->crc = COMMANDNG_POSTAMBLE_MAGIC;
174 }
175
176 txBufferNGLen = sizeof(PacketCommandNGPreamble) + len + sizeof(PacketCommandNGPostamble);
177
178 #ifdef COMMS_DEBUG_RAW
179 print_hex_break((uint8_t *)&txBufferNG.pre, sizeof(PacketCommandNGPreamble), 32);
180 if (ng) {
181 print_hex_break((uint8_t *)&txBufferNG.data, len, 32);
182 } else {
183 print_hex_break((uint8_t *)&txBufferNG.data, 3 * sizeof(uint64_t), 32);
184 print_hex_break((uint8_t *)&txBufferNG.data + 3 * sizeof(uint64_t), len - 3 * sizeof(uint64_t), 32);
185 }
186 print_hex_break((uint8_t *)tx_post, sizeof(PacketCommandNGPostamble), 32);
187 #endif
188 txBuffer_pending = true;
189
190 // tell communication thread that a new command can be send
191 pthread_cond_signal(&txBufferSig);
192
193 pthread_mutex_unlock(&txBufferMutex);
194
195 //__atomic_test_and_set(&txcmd_pending, __ATOMIC_SEQ_CST);
196 }
197
198 void SendCommandNG(uint16_t cmd, uint8_t *data, size_t len) {
199 SendCommandNG_internal(cmd, data, len, true);
200 }
201
202 void SendCommandMIX(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, const void *data, size_t len) {
203 uint64_t arg[3] = {arg0, arg1, arg2};
204 if (len > PM3_CMD_DATA_SIZE_MIX) {
205 PrintAndLogEx(WARNING, "Sending %zu bytes of payload is too much for MIX frames, abort", len);
206 return;
207 }
208 uint8_t cmddata[PM3_CMD_DATA_SIZE];
209 memcpy(cmddata, arg, sizeof(arg));
210 if (len && data)
211 memcpy(cmddata + sizeof(arg), data, len);
212 SendCommandNG_internal(cmd, cmddata, len + sizeof(arg), false);
213 }
214
215
216 /**
217 * @brief This method should be called when sending a new command to the pm3. In case any old
218 * responses from previous commands are stored in the buffer, a call to this method should clear them.
219 * A better method could have been to have explicit command-ACKS, so we can know which ACK goes to which
220 * operation. Right now we'll just have to live with this.
221 */
222 void clearCommandBuffer(void) {
223 //This is a very simple operation
224 pthread_mutex_lock(&rxBufferMutex);
225 cmd_tail = cmd_head;
226 pthread_mutex_unlock(&rxBufferMutex);
227 }
228 /**
229 * @brief storeCommand stores a USB command in a circular buffer
230 * @param UC
231 */
232 static void storeReply(const PacketResponseNG *packet) {
233 pthread_mutex_lock(&rxBufferMutex);
234 if ((cmd_head + 1) % CMD_BUFFER_SIZE == cmd_tail) {
235 //If these two are equal, we're about to overwrite in the
236 // circular buffer.
237 PrintAndLogEx(FAILED, "WARNING: Command buffer about to overwrite command! This needs to be fixed!");
238 fflush(stdout);
239 }
240 //Store the command at the 'head' location
241 PacketResponseNG *destination = &rxBuffer[cmd_head];
242 memcpy(destination, packet, sizeof(PacketResponseNG));
243
244 //increment head and wrap
245 cmd_head = (cmd_head + 1) % CMD_BUFFER_SIZE;
246 pthread_mutex_unlock(&rxBufferMutex);
247 }
248 /**
249 * @brief getCommand gets a command from an internal circular buffer.
250 * @param response location to write command
251 * @return 1 if response was returned, 0 if nothing has been received
252 */
253 static int getReply(PacketResponseNG *packet) {
254 pthread_mutex_lock(&rxBufferMutex);
255 //If head == tail, there's nothing to read, or if we just got initialized
256 if (cmd_head == cmd_tail) {
257 pthread_mutex_unlock(&rxBufferMutex);
258 return 0;
259 }
260
261 //Pick out the next unread command
262 memcpy(packet, &rxBuffer[cmd_tail], sizeof(PacketResponseNG));
263
264 //Increment tail - this is a circular buffer, so modulo buffer size
265 cmd_tail = (cmd_tail + 1) % CMD_BUFFER_SIZE;
266
267 pthread_mutex_unlock(&rxBufferMutex);
268 return 1;
269 }
270
271 //-----------------------------------------------------------------------------
272 // Entry point into our code: called whenever we received a packet over USB
273 // that we weren't necessarily expecting, for example a debug print.
274 //-----------------------------------------------------------------------------
275 static void PacketResponseReceived(PacketResponseNG *packet) {
276
277 // we got a packet, reset WaitForResponseTimeout timeout
278 uint64_t prev_clk = __atomic_load_n(&last_packet_time, __ATOMIC_SEQ_CST);
279 uint64_t clk = msclock();
280 __atomic_store_n(&timeout_start_time, clk, __ATOMIC_SEQ_CST);
281 __atomic_store_n(&last_packet_time, clk, __ATOMIC_SEQ_CST);
282 (void) prev_clk;
283 // PrintAndLogEx(NORMAL, "[%07"PRIu64"] RECV %s magic %08x length %04x status %04x crc %04x cmd %04x",
284 // clk - prev_clk, packet->ng ? "NG" : "OLD", packet->magic, packet->length, packet->status, packet->crc, packet->cmd);
285
286 switch (packet->cmd) {
287 // First check if we are handling a debug message
288 case CMD_DEBUG_PRINT_STRING: {
289
290 char s[PM3_CMD_DATA_SIZE + 1];
291 memset(s, 0x00, sizeof(s));
292
293 size_t len;
294 uint16_t flag;
295 if (packet->ng) {
296 struct d {
297 uint16_t flag;
298 uint8_t buf[PM3_CMD_DATA_SIZE - sizeof(uint16_t)];
299 } PACKED;
300 const struct d *data = (struct d *)&packet->data.asBytes;
301 len = packet->length - sizeof(data->flag);
302 flag = data->flag;
303 memcpy(s, data->buf, len);
304 } else {
305 len = MIN(packet->oldarg[0], PM3_CMD_DATA_SIZE);
306 flag = packet->oldarg[1];
307 memcpy(s, packet->data.asBytes, len);
308 }
309
310 if (flag & FLAG_LOG) {
311 if (g_pendingPrompt) {
312 PrintAndLogEx(NORMAL, "");
313 g_pendingPrompt = false;
314 }
315 //PrintAndLogEx(NORMAL, "[" _MAGENTA_("pm3") "] ["_BLUE_("#")"] " "%s", s);
316 PrintAndLogEx(NORMAL, "[" _BLUE_("#") "] %s", s);
317 } else {
318 if (flag & FLAG_INPLACE) {
319 PrintAndLogEx(NORMAL, "\r" NOLF);
320 }
321
322 PrintAndLogEx(NORMAL, "%s" NOLF, s);
323
324 if (flag & FLAG_NEWLINE) {
325 PrintAndLogEx(NORMAL, "");
326 }
327 }
328 break;
329 }
330 case CMD_DEBUG_PRINT_INTEGERS: {
331 if (packet->ng == false) {
332 PrintAndLogEx(NORMAL, "[" _MAGENTA_("pm3") "] ["_BLUE_("#")"] " "%" PRIx64 ", %" PRIx64 ", %" PRIx64 ""
333 , packet->oldarg[0]
334 , packet->oldarg[1]
335 , packet->oldarg[2]
336 );
337 }
338 break;
339 }
340 // iceman: hw status - down the path on device, runs printusbspeed which starts sending a lot of
341 // CMD_DOWNLOAD_BIGBUF packages which is not dealt with. I wonder if simply ignoring them will
342 // work. lets try it.
343 default: {
344 storeReply(packet);
345 break;
346 }
347 }
348 }
349
350 // The reconnect device thread.
351 // When communication thread is dead, start up and try to start it again
352 void *uart_reconnect(void *targ) {
353
354 const communication_arg_t *connection = (communication_arg_t *)targ;
355
356 #if defined(__MACH__) && defined(__APPLE__)
357 disableAppNap("Proxmark3 polling UART");
358 #endif
359
360 uint32_t speed = USART_BAUD_RATE;
361 if (connection->uart_speed) {
362 speed = connection->uart_speed;
363 }
364
365 while (1) {
366 // throttle
367 msleep(200);
368 if (OpenProxmarkSilent(&g_session.current_device, connection->serial_port_name, speed) == false) {
369 continue;
370 }
371
372 if (g_session.pm3_present && (TestProxmark(g_session.current_device) != PM3_SUCCESS)) {
373 CloseProxmark(g_session.current_device);
374 } else {
375 break;
376 }
377 }
378
379
380 #if defined(__MACH__) && defined(__APPLE__)
381 enableAppNap();
382 #endif
383
384 __atomic_test_and_set(&reconnect_ok, __ATOMIC_SEQ_CST);
385
386 pthread_exit(NULL);
387 return NULL;
388 }
389
390 void StartReconnectProxmark(void) {
391 pthread_create(&reconnect_thread, NULL, &uart_reconnect, &g_conn);
392 }
393
394 bool IsReconnectedOk(void) {
395 bool ret = __atomic_load_n(&reconnect_ok, __ATOMIC_SEQ_CST);
396 return ret;
397 }
398
399 // The communications thread.
400 // signals to main thread when a response is ready to process.
401 //
402 static void
403 #ifdef __has_attribute
404 #if __has_attribute(force_align_arg_pointer)
405 __attribute__((force_align_arg_pointer))
406 #endif
407 #endif
408 *uart_communication(void *targ) {
409 const communication_arg_t *connection = (communication_arg_t *)targ;
410 uint32_t rxlen;
411 bool commfailed = false;
412 PacketResponseNG rx;
413 PacketResponseNGRaw rx_raw;
414 // Stash the last state of is_receiving_raw, to detect if state changed
415 bool is_receiving_raw_last = false;
416
417 #if defined(__MACH__) && defined(__APPLE__)
418 disableAppNap("Proxmark3 polling UART");
419 #endif
420
421 // is this connection->run a cross thread call?
422 while (connection->run) {
423 rxlen = 0;
424 bool ACK_received = false;
425 bool error = false;
426 int res;
427
428 // Signal to main thread that communications seems off.
429 // main thread will kill and restart this thread.
430 if (commfailed) {
431 if (g_conn.last_command != CMD_HARDWARE_RESET &&
432 g_conn.last_command != CMD_START_FLASH) {
433 PrintAndLogEx(WARNING, "\nCommunicating with Proxmark3 device " _RED_("failed"));
434 }
435 __atomic_test_and_set(&comm_thread_dead, __ATOMIC_SEQ_CST);
436 break;
437 }
438
439 bool is_receiving_raw = __atomic_load_n(&comm_raw_mode, __ATOMIC_SEQ_CST);
440
441 if (is_receiving_raw) {
442 uint8_t *bufferData = __atomic_load_n(&comm_raw_data, __ATOMIC_SEQ_CST); // read only
443 size_t bufferLen = __atomic_load_n(&comm_raw_len, __ATOMIC_SEQ_CST); // read only
444 size_t bufferPos = __atomic_load_n(&comm_raw_pos, __ATOMIC_SEQ_CST); // read and write
445 if (bufferPos < bufferLen) {
446 size_t rxMaxLen = bufferLen - bufferPos;
447
448 rxMaxLen = MIN(COMM_RAW_RECEIVE_LEN, rxMaxLen);
449
450 res = uart_receive(sp, bufferData + bufferPos, rxMaxLen, &rxlen);
451 if (res == PM3_SUCCESS) {
452 uint64_t clk = msclock();
453 __atomic_store_n(&timeout_start_time, clk, __ATOMIC_SEQ_CST);
454 __atomic_store_n(&comm_raw_pos, bufferPos + rxlen, __ATOMIC_SEQ_CST);
455 } else if (res != PM3_ENODATA) {
456 PrintAndLogEx(WARNING, "Error when reading raw data: %zu/%zu, %d", bufferPos, bufferLen, res);
457 error = true;
458 if (res == PM3_ENOTTY) {
459 commfailed = true;
460 }
461 }
462 } else {
463 // Ignore data when bufferPos >= bufferLen and is_receiving_raw has not been set to false
464 uint8_t dummyData[64];
465 uint32_t dummyLen;
466 uart_receive(sp, dummyData, sizeof(dummyData), &dummyLen);
467 }
468 } else {
469 if (is_receiving_raw_last) {
470 // is_receiving_raw changed from true to false
471
472 // Set the buffer as undefined
473 // comm_raw_data == NULL is used in SetCommunicationReceiveMode()
474 __atomic_store_n(&comm_raw_data, NULL, __ATOMIC_SEQ_CST);
475 }
476 res = uart_receive(sp, (uint8_t *)&rx_raw.pre, sizeof(PacketResponseNGPreamble), &rxlen);
477
478 if ((res == PM3_SUCCESS) && (rxlen == sizeof(PacketResponseNGPreamble))) {
479
480 rx.magic = rx_raw.pre.magic;
481 uint16_t length = rx_raw.pre.length;
482 rx.ng = rx_raw.pre.ng;
483 rx.status = rx_raw.pre.status;
484 rx.cmd = rx_raw.pre.cmd;
485
486 if (rx.magic == RESPONSENG_PREAMBLE_MAGIC) { // New style NG reply
487
488 if (length > PM3_CMD_DATA_SIZE) {
489 PrintAndLogEx(WARNING, "Received packet frame with incompatible length: 0x%04x", length);
490 error = true;
491 }
492
493 if ((!error) && (length > 0)) { // Get the variable length payload
494
495 res = uart_receive(sp, (uint8_t *)&rx_raw.data, length, &rxlen);
496
497 if ((res != PM3_SUCCESS) || (rxlen != length)) {
498
499 PrintAndLogEx(WARNING, "Received packet frame with variable part too short? %d/%d", rxlen, length);
500 error = true;
501
502 } else {
503
504 if (rx.ng) { // Received a valid NG frame
505
506 memcpy(&rx.data, &rx_raw.data, length);
507 rx.length = length;
508 if ((rx.cmd == g_conn.last_command) && (rx.status == PM3_SUCCESS)) {
509 ACK_received = true;
510 }
511
512 } else {
513 uint64_t arg[3];
514 if (length < sizeof(arg)) {
515 PrintAndLogEx(WARNING, "Received MIX packet frame with incompatible length: 0x%04x", length);
516 error = true;
517 }
518
519 if (!error) { // Received a valid MIX frame
520
521 memcpy(arg, &rx_raw.data, sizeof(arg));
522 rx.oldarg[0] = arg[0];
523 rx.oldarg[1] = arg[1];
524 rx.oldarg[2] = arg[2];
525 memcpy(&rx.data, ((uint8_t *)&rx_raw.data) + sizeof(arg), length - sizeof(arg));
526 rx.length = length - sizeof(arg);
527
528 if (rx.cmd == CMD_ACK) {
529 ACK_received = true;
530 }
531 }
532 }
533 }
534 } else if ((!error) && (length == 0)) { // we received an empty frame
535
536 if (rx.ng) {
537 rx.length = 0; // set received length to 0
538 } else { // old frames can't be empty
539 PrintAndLogEx(WARNING, "Received empty MIX packet frame (length: 0x00)");
540 error = true;
541 }
542
543 }
544
545 if (!error) { // Get the postamble
546 res = uart_receive(sp, (uint8_t *)&rx_raw.foopost, sizeof(PacketResponseNGPostamble), &rxlen);
547 if ((res != PM3_SUCCESS) || (rxlen != sizeof(PacketResponseNGPostamble))) {
548 PrintAndLogEx(WARNING, "Received packet frame without postamble");
549 error = true;
550 }
551 }
552
553 if (!error) { // Check CRC, accept MAGIC as placeholder
554 rx.crc = rx_raw.foopost.crc;
555
556 if (rx.crc != RESPONSENG_POSTAMBLE_MAGIC) {
557
558 uint8_t first, second;
559 compute_crc(CRC_14443_A, (uint8_t *)&rx_raw, sizeof(PacketResponseNGPreamble) + length, &first, &second);
560
561 if ((first << 8) + second != rx.crc) {
562 PrintAndLogEx(WARNING, "Received packet frame with invalid CRC %02X%02X <> %04X", first, second, rx.crc);
563 error = true;
564 }
565 }
566 }
567 if (!error) { // Received a valid OLD frame
568 #ifdef COMMS_DEBUG
569 PrintAndLogEx(NORMAL, "Receiving %s:", rx.ng ? "NG" : "MIX");
570 #endif
571 #ifdef COMMS_DEBUG_RAW
572 print_hex_break((uint8_t *)&rx_raw.pre, sizeof(PacketResponseNGPreamble), 32);
573 print_hex_break((uint8_t *)&rx_raw.data, rx_raw.pre.length, 32);
574 print_hex_break((uint8_t *)&rx_raw.foopost, sizeof(PacketResponseNGPostamble), 32);
575 #endif
576 PacketResponseReceived(&rx);
577 }
578 } else { // Old style reply
579 PacketResponseOLD rx_old;
580 memcpy(&rx_old, &rx_raw.pre, sizeof(PacketResponseNGPreamble));
581
582 res = uart_receive(sp, ((uint8_t *)&rx_old) + sizeof(PacketResponseNGPreamble), sizeof(PacketResponseOLD) - sizeof(PacketResponseNGPreamble), &rxlen);
583 if ((res != PM3_SUCCESS) || (rxlen != sizeof(PacketResponseOLD) - sizeof(PacketResponseNGPreamble))) {
584 PrintAndLogEx(WARNING, "Received packet OLD frame with payload too short? %d/%zu", rxlen, sizeof(PacketResponseOLD) - sizeof(PacketResponseNGPreamble));
585 error = true;
586 }
587 if (!error) {
588 #ifdef COMMS_DEBUG
589 PrintAndLogEx(NORMAL, "Receiving OLD:");
590 #endif
591 #ifdef COMMS_DEBUG_RAW
592 print_hex_break((uint8_t *)&rx_old.cmd, sizeof(rx_old.cmd), 32);
593 print_hex_break((uint8_t *)&rx_old.arg, sizeof(rx_old.arg), 32);
594 print_hex_break((uint8_t *)&rx_old.d, sizeof(rx_old.d), 32);
595 #endif
596 rx.ng = false;
597 rx.magic = 0;
598 rx.status = 0;
599 rx.crc = 0;
600 rx.cmd = rx_old.cmd;
601 rx.oldarg[0] = rx_old.arg[0];
602 rx.oldarg[1] = rx_old.arg[1];
603 rx.oldarg[2] = rx_old.arg[2];
604 rx.length = PM3_CMD_DATA_SIZE;
605 memcpy(&rx.data, &rx_old.d, rx.length);
606 PacketResponseReceived(&rx);
607 if (rx.cmd == CMD_ACK) {
608 ACK_received = true;
609 }
610 }
611 }
612 } else {
613 if (rxlen > 0) {
614 PrintAndLogEx(WARNING, "Received packet frame preamble too short: %d/%zu", rxlen, sizeof(PacketResponseNGPreamble));
615 error = true;
616 }
617 if (res == PM3_ENOTTY) {
618 commfailed = true;
619 }
620 }
621 }
622
623 is_receiving_raw_last = is_receiving_raw;
624 // TODO if error, shall we resync ?
625
626 pthread_mutex_lock(&txBufferMutex);
627
628 if (connection->block_after_ACK) {
629 // if we just received an ACK, wait here until a new command is to be transmitted
630 // This is only working on OLD frames, and only used by flasher and flashmem
631 if (ACK_received) {
632 #ifdef COMMS_DEBUG
633 PrintAndLogEx(NORMAL, "Received ACK, fast TX mode: ignoring other RX till TX");
634 #endif
635 while (!txBuffer_pending) {
636 pthread_cond_wait(&txBufferSig, &txBufferMutex);
637 }
638 }
639 }
640
641 if (txBuffer_pending) {
642
643 if (txBufferNGLen) { // NG packet
644 res = uart_send(sp, (uint8_t *) &txBufferNG, txBufferNGLen);
645 if (res == PM3_EIO) {
646 commfailed = true;
647 }
648 g_conn.last_command = txBufferNG.pre.cmd;
649 txBufferNGLen = 0;
650 } else {
651 res = uart_send(sp, (uint8_t *) &txBuffer, sizeof(PacketCommandOLD));
652 if (res == PM3_EIO) {
653 commfailed = true;
654 }
655 g_conn.last_command = txBuffer.cmd;
656 }
657
658 txBuffer_pending = false;
659
660 // main thread doesn't know send failed...
661
662 // tell main thread that txBuffer is empty
663 pthread_cond_signal(&txBufferSig);
664 }
665
666 pthread_mutex_unlock(&txBufferMutex);
667 }
668
669 // when thread dies, we close the serial port.
670 uart_close(sp);
671 sp = NULL;
672
673 #if defined(__MACH__) && defined(__APPLE__)
674 enableAppNap();
675 #endif
676
677 pthread_exit(NULL);
678 return NULL;
679 }
680
681 bool IsCommunicationThreadDead(void) {
682 bool ret = __atomic_load_n(&comm_thread_dead, __ATOMIC_SEQ_CST);
683 return ret;
684 }
685
686
687
688 // To start raw receive mode:
689 // 1. Call SetCommunicationRawReceiveBuffer(...)
690 // 2. Call SetCommunicationReceiveMode(true)
691 //
692 // To stop raw receive mode:
693 // Call SetCommunicationReceiveMode(false)
694 //
695 // Note:
696 // 1. The receiving thread won't accept any normal packets after calling
697 // SetCommunicationReceiveMode(true). You need to call
698 // SetCommunicationReceiveMode(false) to stop the raw receiving process.
699 // 2. If the received size >= len used in SetCommunicationRawReceiveBuffer(),
700 // The receiving thread will ignore the incoming data to prevent overflow.
701 // 3. Normally you only need WaitForRawDataTimeout() rather than the
702 // low level functions like SetCommunicationReceiveMode(),
703 // SetCommunicationRawReceiveBuffer() and GetCommunicationRawReceiveNum()
704
705 bool SetCommunicationReceiveMode(bool isRawMode) {
706 if (isRawMode) {
707 const uint8_t *buffer = __atomic_load_n(&comm_raw_data, __ATOMIC_SEQ_CST);
708 if (buffer == NULL) {
709 PrintAndLogEx(ERR, "Buffer for raw data is not set");
710 return false;
711 }
712 }
713 __atomic_store_n(&comm_raw_mode, isRawMode, __ATOMIC_SEQ_CST);
714 return true;
715 }
716
717 void SetCommunicationRawReceiveBuffer(uint8_t *buffer, size_t len) {
718 __atomic_store_n(&comm_raw_data, buffer, __ATOMIC_SEQ_CST);
719 __atomic_store_n(&comm_raw_len, len, __ATOMIC_SEQ_CST);
720 __atomic_store_n(&comm_raw_pos, 0, __ATOMIC_SEQ_CST);
721 }
722
723 size_t GetCommunicationRawReceiveNum(void) {
724 return __atomic_load_n(&comm_raw_pos, __ATOMIC_SEQ_CST);
725 }
726
727 bool OpenProxmarkSilent(pm3_device_t **dev, const char *port, uint32_t speed) {
728
729 sp = uart_open(port, speed, true);
730
731 // check result of uart opening
732 if (sp == INVALID_SERIAL_PORT) {
733 sp = NULL;
734 return false;
735 } else if (sp == CLAIMED_SERIAL_PORT) {
736 sp = NULL;
737 return false;
738 } else {
739 // start the communication thread
740 if (port != g_conn.serial_port_name) {
741 uint16_t len = MIN(strlen(port), FILE_PATH_SIZE - 1);
742 memset(g_conn.serial_port_name, 0, FILE_PATH_SIZE);
743 memcpy(g_conn.serial_port_name, port, len);
744 }
745 g_conn.run = true;
746 g_conn.block_after_ACK = false;
747 // Flags to tell where to add CRC on sent replies
748 g_conn.send_with_crc_on_usb = false;
749 g_conn.send_with_crc_on_fpc = true;
750 // "Session" flag, to tell via which interface next msgs should be sent: USB or FPC USART
751 g_conn.send_via_fpc_usart = false;
752
753 pthread_create(&communication_thread, NULL, &uart_communication, &g_conn);
754 __atomic_clear(&comm_thread_dead, __ATOMIC_SEQ_CST);
755 __atomic_clear(&reconnect_ok, __ATOMIC_SEQ_CST);
756
757 g_session.pm3_present = true; // TODO support for multiple devices
758
759 fflush(stdout);
760 if (*dev == NULL) {
761 *dev = calloc(sizeof(pm3_device_t), sizeof(uint8_t));
762 }
763 (*dev)->g_conn = &g_conn; // TODO g_conn shouldn't be global
764 return true;
765 }
766 }
767
768 bool OpenProxmark(pm3_device_t **dev, const char *port, bool wait_for_port, int timeout, bool flash_mode, uint32_t speed) {
769
770 if (wait_for_port == false) {
771 PrintAndLogEx(SUCCESS, "Using UART port " _GREEN_("%s"), port);
772 sp = uart_open(port, speed, false);
773 } else {
774 PrintAndLogEx(SUCCESS, "Waiting for Proxmark3 to appear on " _YELLOW_("%s"), port);
775 fflush(stdout);
776 int openCount = 0;
777 PrintAndLogEx(INPLACE, "% 3i", timeout);
778 do {
779 sp = uart_open(port, speed, false);
780 msleep(500);
781 PrintAndLogEx(INPLACE, "% 3i", timeout - openCount - 1);
782
783 } while (++openCount < timeout && (sp == INVALID_SERIAL_PORT || sp == CLAIMED_SERIAL_PORT));
784 }
785
786 // check result of uart opening
787 if (sp == INVALID_SERIAL_PORT) {
788 PrintAndLogEx(WARNING, "\n" _RED_("ERROR:") " invalid serial port " _YELLOW_("%s"), port);
789 PrintAndLogEx(HINT, "Try the shell script " _YELLOW_("`./pm3 --list`") " to get a list of possible serial ports");
790 sp = NULL;
791 return false;
792 } else if (sp == CLAIMED_SERIAL_PORT) {
793 PrintAndLogEx(WARNING, "\n" _RED_("ERROR:") " serial port " _YELLOW_("%s") " is claimed by another process", port);
794 PrintAndLogEx(HINT, "Try the shell script " _YELLOW_("`./pm3 --list`") " to get a list of possible serial ports");
795
796 sp = NULL;
797 return false;
798 } else {
799 // start the communication thread
800 if (port != g_conn.serial_port_name) {
801 uint16_t len = MIN(strlen(port), FILE_PATH_SIZE - 1);
802 memset(g_conn.serial_port_name, 0, FILE_PATH_SIZE);
803 memcpy(g_conn.serial_port_name, port, len);
804 }
805 g_conn.run = true;
806 g_conn.block_after_ACK = flash_mode;
807 // Flags to tell where to add CRC on sent replies
808 g_conn.send_with_crc_on_usb = false;
809 g_conn.send_with_crc_on_fpc = true;
810 // "Session" flag, to tell via which interface next msgs should be sent: USB or FPC USART
811 g_conn.send_via_fpc_usart = false;
812
813 pthread_create(&communication_thread, NULL, &uart_communication, &g_conn);
814 __atomic_clear(&comm_thread_dead, __ATOMIC_SEQ_CST);
815 g_session.pm3_present = true; // TODO support for multiple devices
816
817 fflush(stdout);
818 if (*dev == NULL) {
819 *dev = calloc(sizeof(pm3_device_t), sizeof(uint8_t));
820 }
821 (*dev)->g_conn = &g_conn; // TODO g_conn shouldn't be global
822 return true;
823 }
824 }
825
826 // check if we can communicate with Pm3
827 int TestProxmark(pm3_device_t *dev) {
828
829 uint16_t len = 32;
830 uint8_t data[len];
831 for (uint16_t i = 0; i < len; i++) {
832 data[i] = i & 0xFF;
833 }
834
835 __atomic_store_n(&last_packet_time, msclock(), __ATOMIC_SEQ_CST);
836 clearCommandBuffer();
837 SendCommandNG(CMD_PING, data, len);
838
839 uint32_t timeout;
840
841 #ifdef USART_SLOW_LINK
842 // 10s timeout for slow FPC, e.g. over BT
843 // as this is the very first command sent to the pm3
844 // that initiates the BT connection
845 timeout = 10000;
846 #else
847 timeout = 1000;
848 #endif
849
850 PacketResponseNG resp;
851 if (WaitForResponseTimeoutW(CMD_PING, &resp, timeout, false) == 0) {
852 return PM3_ETIMEOUT;
853 }
854
855 bool error = memcmp(data, resp.data.asBytes, len) != 0;
856 if (error) {
857 return PM3_EIO;
858 }
859
860 SendCommandNG(CMD_CAPABILITIES, NULL, 0);
861 if (WaitForResponseTimeoutW(CMD_CAPABILITIES, &resp, 1000, false) == 0) {
862 return PM3_ETIMEOUT;
863 }
864
865 if ((resp.length != sizeof(g_pm3_capabilities)) || (resp.data.asBytes[0] != CAPABILITIES_VERSION)) {
866 PrintAndLogEx(ERR, _RED_("Capabilities structure version sent by Proxmark3 is not the same as the one used by the client!"));
867 PrintAndLogEx(ERR, _RED_("Please flash the Proxmark3 with the same version as the client."));
868 return PM3_EDEVNOTSUPP;
869 }
870
871 memcpy(&g_pm3_capabilities, resp.data.asBytes, sizeof(capabilities_t));
872 g_conn.send_via_fpc_usart = g_pm3_capabilities.via_fpc;
873 g_conn.uart_speed = g_pm3_capabilities.baudrate;
874
875 bool is_tcp_conn = (g_conn.send_via_ip == PM3_TCPv4 || g_conn.send_via_ip == PM3_TCPv6);
876 bool is_bt_conn = (memcmp(g_conn.serial_port_name, "bt:", 3) == 0);
877 bool is_udp_conn = (g_conn.send_via_ip == PM3_UDPv4 || g_conn.send_via_ip == PM3_UDPv6);
878
879 PrintAndLogEx(SUCCESS, "Communicating with PM3 over %s%s%s%s",
880 (g_conn.send_via_fpc_usart) ? _GREEN_("FPC UART") : _GREEN_("USB-CDC"),
881 (is_tcp_conn) ? " over " _GREEN_("TCP") : "",
882 (is_bt_conn) ? " over " _GREEN_("BT") : "",
883 (is_udp_conn) ? " over " _GREEN_("UDP") : ""
884 );
885 if (g_conn.send_via_fpc_usart) {
886 PrintAndLogEx(SUCCESS, "PM3 UART serial baudrate: " _GREEN_("%u") "\n", g_conn.uart_speed);
887 } else {
888 int res;
889 if (g_conn.send_via_local_ip) {
890 // (g_conn.send_via_local_ip == true) -> ((is_tcp_conn || is_udp_conn) == true)
891 res = uart_reconfigure_timeouts(is_tcp_conn ? UART_TCP_LOCAL_CLIENT_RX_TIMEOUT_MS : UART_UDP_LOCAL_CLIENT_RX_TIMEOUT_MS);
892 } else if (is_tcp_conn || is_udp_conn) {
893 res = uart_reconfigure_timeouts(UART_NET_CLIENT_RX_TIMEOUT_MS);
894 } else {
895 res = uart_reconfigure_timeouts(UART_USB_CLIENT_RX_TIMEOUT_MS);
896 }
897 if (res != PM3_SUCCESS) {
898 return res;
899 }
900 }
901 return PM3_SUCCESS;
902 }
903
904 void CloseProxmark(pm3_device_t *dev) {
905 dev->g_conn->run = false;
906
907 #ifdef __BIONIC__
908 if (communication_thread != 0) {
909 pthread_join(communication_thread, NULL);
910 }
911 #else
912 pthread_join(communication_thread, NULL);
913 #endif
914
915 if (sp) {
916 uart_close(sp);
917 }
918
919 // Clean up our state
920 sp = NULL;
921 #ifdef __BIONIC__
922 if (communication_thread != 0) {
923 memset(&communication_thread, 0, sizeof(pthread_t));
924 }
925 #else
926 memset(&communication_thread, 0, sizeof(pthread_t));
927 #endif
928
929 g_session.pm3_present = false;
930 }
931
932 // Gives a rough estimate of the communication delay based on channel & baudrate
933 // Max communication delay is when sending largest frame and receiving largest frame
934 // Empirical measures on FTDI with physical cable:
935 // "hw pingng 512"
936 // usb -> 6..32ms
937 // 460800 -> 40..70ms
938 // 9600 -> 1100..1150ms
939 // ~ = 12000000 / USART_BAUD_RATE
940 // Let's take 2x (maybe we need more for BT link?)
941 static size_t communication_delay(void) {
942 // needed also for Windows USB USART??
943 if (g_conn.send_via_fpc_usart) {
944 return 2 * (12000000 / g_conn.uart_speed);
945 }
946 return 0;
947 }
948
949
950 /**
951 * @brief Wait for receiving a specified amount of bytes
952 *
953 * @param buffer The receive buffer
954 * @param len The maximum receive byte size
955 * @param ms_timeout the maximum timeout
956 * @param show_process print how many bytes are received
957 * @return the number of received bytes
958 */
959 size_t WaitForRawDataTimeout(uint8_t *buffer, size_t len, size_t ms_timeout, bool show_process) {
960 uint8_t print_counter = 0;
961 size_t last_pos = 0;
962
963 // Add delay depending on the communication channel & speed
964 if (ms_timeout != (size_t) - 1) {
965 ms_timeout += communication_delay();
966 }
967 __atomic_store_n(&timeout_start_time, msclock(), __ATOMIC_SEQ_CST);
968
969 SetCommunicationRawReceiveBuffer(buffer, len);
970 SetCommunicationReceiveMode(true);
971
972 size_t pos = 0;
973 while (pos < len) {
974
975 if (kbd_enter_pressed()) {
976 // Send anything to stop the transfer
977 PrintAndLogEx(INFO, "Stopping");
978 SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
979
980 // For ms_timeout == -1, pos < len might always be true
981 // so user need a spectial way to break this loop
982 if (ms_timeout == (size_t) - 1) {
983 break;
984 }
985 }
986
987 pos = __atomic_load_n(&comm_raw_pos, __ATOMIC_SEQ_CST);
988
989 // Check the timeout if pos is not updated
990 if (last_pos == pos) {
991 uint64_t tmp_clk = __atomic_load_n(&timeout_start_time, __ATOMIC_SEQ_CST);
992 // If ms_timeout == -1, the loop can only be breaked by pressing Enter or receiving enough data
993 if ((ms_timeout != (size_t) - 1) && (msclock() - tmp_clk > ms_timeout)) {
994 break;
995 }
996 } else {
997 // Print process when (print_counter % 64) == 0
998 if (show_process && (print_counter & 0x3F) == 0) {
999 PrintAndLogEx(INFO, "[%zu/%zu]", pos, len);
1000 }
1001 }
1002
1003 print_counter++;
1004 last_pos = pos;
1005 msleep(10);
1006 }
1007 if (pos == len && (ms_timeout != (size_t) - 1)) {
1008 // If ms_timeout != -1, when the desired data is received, tell the arm side
1009 // to stop the current process, and wait for some time to make sure the process
1010 // has been stopped.
1011 // If ms_timeout == -1, the user might not want to break the existing process
1012 // on the arm side.
1013 SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
1014 msleep(ms_timeout);
1015 }
1016 SetCommunicationReceiveMode(false);
1017 pos = __atomic_load_n(&comm_raw_pos, __ATOMIC_SEQ_CST);
1018 return pos;
1019 }
1020
1021 /**
1022 * @brief Waits for a certain response type. This method waits for a maximum of
1023 * ms_timeout milliseconds for a specified response command.
1024
1025 * @param cmd command to wait for, or CMD_UNKNOWN to take any command.
1026 * @param response struct to copy received command into.
1027 * @param ms_timeout display message after 3 seconds
1028 * @param show_warning display message after 3 seconds
1029 * @return true if command was returned, otherwise false
1030 */
1031 bool WaitForResponseTimeoutW(uint32_t cmd, PacketResponseNG *response, size_t ms_timeout, bool show_warning) {
1032
1033 PacketResponseNG resp;
1034 // init to ZERO
1035 resp.cmd = 0,
1036 resp.length = 0,
1037 resp.magic = 0,
1038 resp.status = 0,
1039 resp.crc = 0,
1040 resp.ng = false,
1041 resp.oldarg[0] = 0;
1042 resp.oldarg[1] = 0;
1043 resp.oldarg[2] = 0;
1044 memset(resp.data.asBytes, 0, PM3_CMD_DATA_SIZE);
1045
1046 if (response == NULL) {
1047 response = &resp;
1048 }
1049
1050 // Add delay depending on the communication channel & speed
1051 if (ms_timeout != (size_t) - 1)
1052 ms_timeout += communication_delay();
1053
1054 __atomic_store_n(&timeout_start_time, msclock(), __ATOMIC_SEQ_CST);
1055
1056 // Wait until the command is received
1057 while (true) {
1058
1059 // if device gets disconnected or resets, break out of this loop
1060 if (IsCommunicationThreadDead()) {
1061 break;
1062 }
1063
1064 while (getReply(response)) {
1065 if (cmd == CMD_UNKNOWN || response->cmd == cmd) {
1066 return true;
1067 }
1068
1069 if (response->cmd == CMD_WTX && response->length == sizeof(uint16_t)) {
1070 uint16_t wtx = response->data.asDwords[0] & 0xFFFF;
1071 PrintAndLogEx(DEBUG, "Got Waiting Time eXtension request %i ms", wtx);
1072 if (ms_timeout != (size_t) - 1) {
1073 ms_timeout += wtx;
1074 }
1075 }
1076 }
1077
1078 uint64_t tmp_clk = __atomic_load_n(&timeout_start_time, __ATOMIC_SEQ_CST);
1079 if ((ms_timeout != (size_t) - 1) && (msclock() - tmp_clk > ms_timeout)) {
1080 break;
1081 }
1082
1083 if (msclock() - tmp_clk > 3000 && show_warning) {
1084 // 3 seconds elapsed (but this doesn't mean the timeout was exceeded)
1085 PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
1086 show_warning = false;
1087 }
1088 // just to avoid CPU busy loop:
1089 msleep(1);
1090 }
1091 return false;
1092 }
1093
1094 bool WaitForResponseTimeout(uint32_t cmd, PacketResponseNG *response, size_t ms_timeout) {
1095 return WaitForResponseTimeoutW(cmd, response, ms_timeout, true);
1096 }
1097
1098 bool WaitForResponse(uint32_t cmd, PacketResponseNG *response) {
1099 return WaitForResponseTimeoutW(cmd, response, -1, true);
1100 }
1101
1102 /**
1103 * Data transfer from Proxmark to client. This method times out after
1104 * ms_timeout milliseconds.
1105 * @brief GetFromDevice
1106 * @param memtype Type of memory to download from proxmark
1107 * @param dest Destination address for transfer
1108 * @param bytes number of bytes to be transferred
1109 * @param start_index offset into Proxmark3 BigBuf[]
1110 * @param data used by SPIFFS to provide filename
1111 * @param datalen used by SPIFFS to provide filename length
1112 * @param response struct to copy last command (CMD_ACK) into
1113 * @param ms_timeout timeout in milliseconds
1114 * @param show_warning display message after 2 seconds
1115 * @return true if command was returned, otherwise false
1116 */
1117 bool GetFromDevice(DeviceMemType_t memtype, uint8_t *dest, uint32_t bytes, uint32_t start_index, uint8_t *data, uint32_t datalen, PacketResponseNG *response, size_t ms_timeout, bool show_warning) {
1118
1119 if (dest == NULL) return false;
1120
1121 PacketResponseNG resp;
1122 if (response == NULL) {
1123 response = &resp;
1124 }
1125
1126 // init to ZERO
1127 resp.cmd = 0,
1128 resp.length = 0,
1129 resp.magic = 0,
1130 resp.status = 0,
1131 resp.crc = 0,
1132 resp.ng = false,
1133 resp.oldarg[0] = 0;
1134 resp.oldarg[1] = 0;
1135 resp.oldarg[2] = 0;
1136 memset(resp.data.asBytes, 0, PM3_CMD_DATA_SIZE);
1137
1138 if (bytes == 0) return true;
1139
1140
1141 // clear
1142 clearCommandBuffer();
1143
1144 switch (memtype) {
1145 case BIG_BUF: {
1146 SendCommandMIX(CMD_DOWNLOAD_BIGBUF, start_index, bytes, 0, NULL, 0);
1147 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_DOWNLOADED_BIGBUF);
1148 }
1149 case BIG_BUF_EML: {
1150 SendCommandMIX(CMD_DOWNLOAD_EML_BIGBUF, start_index, bytes, 0, NULL, 0);
1151 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_DOWNLOADED_EML_BIGBUF);
1152 }
1153 case SPIFFS: {
1154 SendCommandMIX(CMD_SPIFFS_DOWNLOAD, start_index, bytes, 0, data, datalen);
1155 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_SPIFFS_DOWNLOADED);
1156 }
1157 case FLASH_MEM: {
1158 SendCommandMIX(CMD_FLASHMEM_DOWNLOAD, start_index, bytes, 0, NULL, 0);
1159 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_FLASHMEM_DOWNLOADED);
1160 }
1161 case SIM_MEM: {
1162 //SendCommandMIX(CMD_DOWNLOAD_SIM_MEM, start_index, bytes, 0, NULL, 0);
1163 //return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_DOWNLOADED_SIMMEM);
1164 return false;
1165 }
1166 case FPGA_MEM: {
1167 SendCommandNG(CMD_FPGAMEM_DOWNLOAD, NULL, 0);
1168 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_FPGAMEM_DOWNLOADED);
1169 }
1170 case MCU_FLASH:
1171 case MCU_MEM: {
1172 uint32_t flags = (memtype == MCU_MEM) ? READ_MEM_DOWNLOAD_FLAG_RAW : 0;
1173 SendCommandBL(CMD_READ_MEM_DOWNLOAD, start_index, bytes, flags, NULL, 0);
1174 return dl_it(dest, bytes, response, ms_timeout, show_warning, CMD_READ_MEM_DOWNLOADED);
1175 }
1176 }
1177 return false;
1178 }
1179
1180 static bool dl_it(uint8_t *dest, uint32_t bytes, PacketResponseNG *response, size_t ms_timeout, bool show_warning, uint32_t rec_cmd) {
1181
1182 uint32_t bytes_completed = 0;
1183 __atomic_store_n(&timeout_start_time, msclock(), __ATOMIC_SEQ_CST);
1184
1185 // Add delay depending on the communication channel & speed
1186 if (ms_timeout != (size_t) - 1)
1187 ms_timeout += communication_delay();
1188
1189 while (true) {
1190
1191 if (getReply(response)) {
1192
1193 if (response->cmd == CMD_ACK)
1194 return true;
1195 if (response->cmd == CMD_SPIFFS_DOWNLOAD && response->status == PM3_EMALLOC)
1196 return false;
1197 // Spiffs // fpgamem-plot download is converted to NG,
1198 if (response->cmd == CMD_SPIFFS_DOWNLOAD || response->cmd == CMD_FPGAMEM_DOWNLOAD)
1199 return true;
1200
1201 // sample_buf is a array pointer, located in data.c
1202 // arg0 = offset in transfer. Startindex of this chunk
1203 // arg1 = length bytes to transfer
1204 // arg2 = bigbuff tracelength (?)
1205 if (response->cmd == rec_cmd) {
1206
1207 uint32_t offset = response->oldarg[0];
1208 uint32_t copy_bytes = MIN(bytes - bytes_completed, response->oldarg[1]);
1209 //uint32_t tracelen = response->oldarg[2];
1210
1211 // extended bounds check1. upper limit is PM3_CMD_DATA_SIZE
1212 // shouldn't happen
1213 copy_bytes = MIN(copy_bytes, PM3_CMD_DATA_SIZE);
1214
1215 // extended bounds check2.
1216 if (offset + copy_bytes > bytes) {
1217 PrintAndLogEx(FAILED, "ERROR: Out of bounds when downloading from device, offset %u | len %u | total len %u > buf_size %u", offset, copy_bytes, offset + copy_bytes, bytes);
1218 break;
1219 }
1220
1221 memcpy(dest + offset, response->data.asBytes, copy_bytes);
1222 bytes_completed += copy_bytes;
1223 } else if (response->cmd == CMD_WTX && response->length == sizeof(uint16_t)) {
1224 uint16_t wtx = response->data.asDwords[0] & 0xFFFF;
1225 PrintAndLogEx(DEBUG, "Got Waiting Time eXtension request %i ms", wtx);
1226 if (ms_timeout != (size_t) - 1)
1227 ms_timeout += wtx;
1228 }
1229 }
1230
1231 uint64_t tmp_clk = __atomic_load_n(&timeout_start_time, __ATOMIC_SEQ_CST);
1232 if (msclock() - tmp_clk > ms_timeout) {
1233 PrintAndLogEx(FAILED, "Timed out while trying to download data from device");
1234 break;
1235 }
1236
1237 if (msclock() - tmp_clk > 3000 && show_warning) {
1238 // 3 seconds elapsed (but this doesn't mean the timeout was exceeded)
1239 PrintAndLogEx(INFO, "Waiting for a response from the Proxmark3...");
1240 PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
1241 show_warning = false;
1242 }
1243 }
1244 return false;
1245 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware